Hillary Clinton Calls for Stronger Cybersecurity Measures

Bloomberg Law: Privacy & Data Security brings you single-source access to the expertise of Bloomberg Law’s privacy and data security editorial team, contributing practitioners,...

By Jimmy H. Koo

June 28 — Hillary Clinton pledged to promote cybersecurity and safeguard cross-border data flows while protecting privacy as part of a sweeping tech agenda the presumptive Democratic presidential nominee rolled out June 28.

Clinton also is calling for strengthening federal networks to improve the U.S. government's cybersecurity and building on President Barack Obama's $19 billion Cybersecurity National Action Plan, according to a fact sheet posted on her campaign website (15 PVLR 317, 2/15/16).

Clinton's agenda signals potential opportunities for companies across various industries, as she called for increased public-private partnerships to train more computer science teachers, reboot job training, boost investments in local innovation and foster “civic internet of things” through public investments. She also advocated a “national commitment to technology, innovation and entrepreneurship.”

“The Technology and Innovation agenda released today addresses numerous critical issues—the need for an open flow of data across borders, resisting calls for data localization and the need to stop nation state cyber-enabled espionage,” Norma M. Krayem, senior policy adviser at Holland & Knight LLP in Washington and the co-chair of the firm's Data Protection and Cybersecurity Group, told Bloomberg BNA June 28.

“We're encouraged that Hillary Clinton is making the internet's future a top priority in her campaign,” Craig Aaron—president of nonprofit organization Free Press Action Fund, which seeks to protect right to connect and communicate—said in a June 28 statement. However, Aaron said he wanted more details.

“Unfortunately, her initiative lacks details on how a future Clinton administration would protect the privacy rights of everyday people,” Aaron said.

Until now, Clinton's campaign has been largely silent on cybersecurity and privacy issues. Instead, Clinton had framed cybersecurity as an element in ensuring national security and addressing conflicts with other countries (15 PVLR 705, 4/4/16).

Cybersecurity and Privacy

According to the fact sheet, Clinton wants to expand investment in cybersecurity technologies and accelerate the adoption of best practices such as the National Institute of Standards and Technology Cybersecurity Framework (13 PVLR 281, 2/17/14).

Clinton urged government agencies to consider bug bounty programs, modeled after the Defense Department's “Hack the Pentagon” initiative (15 PVLR 494, 3/7/16).

Clinton said she would build on the Obama's cybersecurity action plan, especially the “empowerment of a federal Chief Information Security Officer, the modernization of federal IT, and upgrades to government-wide cybersecurity,” the fact sheet said.

Clinton also called for promoting commercial data privacy. Rejecting the “false choice between privacy interests and keeping Americans safe,” she said she backed a national commission on digital security and encryption proposed by Sen. Mark Warner (D-Va.) and Rep. Michael McCaul (R-Texas), the fact sheet said (15 PVLR 427, 2/29/16). According to the fact sheet, Clinton's approach to privacy “will affirm strong consumer protection values through effective regulatory enforcement in an adaptive manner, encouraging high standards in industry without stifling innovation.”

“Now that Clinton has released her internet and technology priorities, we ask presumptive Republican presidential nominee Donald Trump to do the same. Voters need to know where the candidates stand on these crucial issues,” Aaron said.

Cross-Border Data Flows

Clinton criticized countries that are closing off their “digital borders” to cross-border data flows or insisting on data localization to “maintain control or unfairly advantage their own companies,” the fact sheet said.

The fact sheet didn't list specific countries. But starting in September 2015, Russia began requiring all data operators to store all personal data of Russian citizens in databases located inside Russia (14 PVLR 1633, 9/7/15).

Clinton also said that she supports efforts such as the European Union-U.S. Privacy Shield framework (15 PVLR 269, 2/8/16) to “find alignment in national data privacy laws and protect data movement across borders.”

The Privacy Shield framework replaced the U.S.-EU Safe Harbor framework, which was invalidated October 2015 by the European Court of Justice on the basis that it was inadequate to protect the privacy rights of EU citizens, in particular in the face of possible law enforcement access to their data in the U.S. (14 PVLR 1825, 10/12/15).

Clinton called for an “updated, streamlined, and privacy-protective procedures for the sharing of data across borders in response to legitimate law enforcement investigations,” according to the fact sheet.

To contact the reporter on this story: Jimmy H. Koo in Washington at jkoo@bna.com

To contact the editors responsible for this story: Donald G. Aplin at daplin@bna.com ; Daniel R. Stoller at dstoller@bna.com

Copyright © 2016 The Bureau of National Affairs, Inc. All Rights Reserved.